Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

USAID Finds Safe Haven from Hackers

Case study: The U.S. Agency for International Development was an easy target for hackers until it turned to SIM technology.

Uganda, Senegal, Uzbekistan, Moldova, Ecuador, Haiti—name any impoverished country in the world, and the U.S. Agency for International Development is probably there on the ground. Increasingly, however, USAIDs humanitarian offense is relying on a solid IT security defense.

With a new financial record-keeping system due to come online within the next six months, USAID has sharpened its focus on hacking threats, using SIM (security incident management) technology to correlate and manage data from political and humanitarian hot spots around the world and to keep billions of dollars in U.S. development money flowing.

USAID sprang into existence with a stroke of the pen by President John F. Kennedy in 1961 and has provided economic and humanitarian aid as well as development assistance to needy countries ever since. The agency consolidated a hodgepodge of foreign aid and development organizations that grew out of the U.S. governments post-World War II Marshall Plan for rebuilding Europe.

The olive branch of U.S. foreign policy, USAID does most of its work in the background: helping Ugandan flower growers break into the U.S. market, battling armyworm infestations in Tanzania, providing food assistance in drought-plagued Kenya or helping to electrify rural India.

Maintaining operations in some of the worlds poorest countries has never been easy for a 21st-century aid organization with $9 billion in direct aid to distribute in conjunction with the U.S. Department of State. But more and more, USAIDs reputation as an agency of do-gooders with money to hand out makes the organization a popular target for malicious hackers, online criminal groups and others hostile to the United States, said Philip Heneghan, chief information security officer at USAID.

USAIDs field offices were natural targets, said Tracey Hulver, director of product management at NetForensics, in Edison, N.J.

"True or not, people feel like, if a machine is sitting in the Congo, its easier to access than a central hub in Washington, D.C.," Hulver said.

Until recently, USAID was an easy target, too. The agency was failing audits of its IT security and received a "C-" in 2003 on the House Government Reform Committees Federal Security Report Card, a measure of federal agencies compliance with FISMA (Federal Information Security Management Act) of 2002.

Like many organizations, USAID had a potpourri of different security products deployed around the globe, such as IDSes (intrusion detection systems) and firewalls, producing reams of data that nobody was looking at.

USAID also had no way to parse the data that was being produced by the devices, making incident response "pretty random," Hulver said.